a58cf16a4c6384fab4258b00c214ad53_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a58cf16a4c6384fab4258b00c214ad53_JaffaCakes118
Size

372KB
MD5

a58cf16a4c6384fab4258b00c214ad53
SHA1

56580c70f6ddd914c424042ff0a5801d6dc949f9
SHA256

d252f6347ca8d4406b4c6af83548122e26de27455498213817fff383c0dee173
SHA512

dfba2ab38f803bc7b37b2270e96185077d0a693bf572290186e272c53b1311ab4effb8e8faf212833bb5ccdb7851ee3165818a86d7d4c2bcda8c2de261fd4286
SSDEEP

6144:H8O9Y9BXaPhxt0mywpGsslqkQEqijbdtnsdLuDSW:luBMHfpGWziPHsdLuDSW

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
a58cf16a4c6384fab4258b00c214ad53_JaffaCakes118

Files

a58cf16a4c6384fab4258b00c214ad53_JaffaCakes118
.dll regsvr32 windows:4 windows x86 arch:x86

20bb6bc653664201688c539570d29d4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ccp.pdb

Imports

kernel32

WaitForSingleObject
lstrcmpW
ReadFile
GetFileSize
CreateFileW
GetFileAttributesExW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetVolumeInformationW
GetDriveTypeW
SetErrorMode
GetLogicalDrives
FindClose
GetTempFileNameW
CopyFileW
CreateDirectoryW
GetVersionExW
TerminateProcess
OpenProcess
LoadLibraryA
LocalFree
GetComputerNameW
ProcessIdToSessionId
GetCurrentProcessId
LocalAlloc
GetCurrentProcess
CreateMutexA
FileTimeToSystemTime
GetCurrentThreadId
GetSystemTime
GlobalUnlock
ReleaseMutex
GlobalLock
GlobalSize
CreateSemaphoreW
CreateEventW
SetFileAttributesW
GetSystemTimeAsFileTime
ReleaseSemaphore
DuplicateHandle
GetThreadLocale
FlushFileBuffers
SetFilePointerEx
SetLastError
DeviceIoControl
GetDiskFreeSpaceW
RemoveDirectoryW
GetFileAttributesW
GetSystemInfo
GetModuleHandleA
WideCharToMultiByte
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
GetLongPathNameW
GetCurrentThread
GetThreadPriority
SetThreadPriority
GetWindowsDirectoryW
GetSystemDirectoryW
GetTempPathW
lstrcpyW
lstrcatW
OpenEventW
SetEvent
Sleep
DeleteFileW
GetTickCount
lstrlenA
lstrcpynW
CreateProcessW
CloseHandle
FindFirstFileW
MoveFileW
FindNextFileW
GetModuleHandleW
InitializeCriticalSection
LoadLibraryExW
lstrcmpiW
DisableThreadLibraryCalls
RaiseException
LoadLibraryW
GetLastError
GetProcAddress
MultiByteToWideChar
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
InterlockedIncrement
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedDecrement
FreeLibrary
DeleteCriticalSection
lstrcpynA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
VirtualAlloc
VirtualProtect
RtlUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetVersionExA
GetLocaleInfoA
GetACP
InterlockedExchange
HeapSize
HeapReAlloc
HeapDestroy
OpenFileMappingW
lstrcpyA
CreateFileMappingW
CreateFileA
CreateMutexW
GlobalReAlloc
IsBadReadPtr
GlobalFree
GlobalAlloc
GetFileInformationByHandle
SetFilePointer
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
VirtualFree
HeapCreate
GetModuleFileNameA
GetStdHandle
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
ExitProcess
GetCPInfo
LCMapStringW
LCMapStringA
GetCommandLineA
MapViewOfFile
UnmapViewOfFile
InterlockedExchangeAdd
VirtualQuery

user32

UnregisterClassA
CharNextW
wsprintfW
CharLowerBuffW
SendMessageW
GetWindowThreadProcessId
FindWindowW
CharLowerW
GetDesktopWindow

advapi32

SetSecurityDescriptorDacl
GetNamedSecurityInfoW
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
ConvertStringSidToSidW
SetNamedSecurityInfoW
RegGetKeySecurity
RegOpenKeyW
RegSetKeySecurity
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
InitializeSecurityDescriptor
OpenProcessToken
GetTokenInformation
ImpersonateLoggedOnUser
OpenThreadToken
RevertToSelf
LookupAccountNameW
ConvertSidToStringSidW
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptDestroyKey
GetSidSubAuthority
GetSidSubAuthorityCount
CryptEncrypt
CryptDecrypt
CryptDeriveKey

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitialize
CoUninitialize
StringFromCLSID
CreateStreamOnHGlobal
GetHGlobalFromStream

oleaut32

VarBstrFromI2
VarParseNumFromStr
VarNumFromParseNum
SafeArrayCreate
SafeArrayCreateVector
SafeArrayGetElement
SafeArrayPutElement
SafeArrayDestroy
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData
VarBstrFromI4
VarI4FromStr
VariantCopy
SysStringByteLen
SysAllocStringByteLen
SysAllocStringLen
VarBstrCat
LoadTypeLi
LoadRegTypeLi
SysStringLen
SysAllocString
VarBstrFromUI4
VarUI4FromStr
VariantClear
VariantInit
VarBstrCmp
SysFreeString
VariantChangeType

shlwapi

PathMatchSpecW
PathRemoveFileSpecW
SHCreateStreamOnFileW
StrStrIW
StrStrW
PathSkipRootW
SHDeleteKeyW
SHDeleteEmptyKeyW
PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathAppendW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeA
UuidToStringA
RpcStringFreeW

wtsapi32

WTSQuerySessionInformationW
WTSFreeMemory
WTSOpenServerW
WTSCloseServer

netapi32

NetWkstaUserEnum
NetApiBufferFree

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20bb6bc653664201688c539570d29d4c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

shlwapi

rpcrt4

wtsapi32

netapi32

Exports

Exports

Sections

.text Size: 248KB - Virtual size: 247KB

.rdata Size: 56KB - Virtual size: 55KB

.data Size: 20KB - Virtual size: 36KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 28KB - Virtual size: 24KB

.text
Size: 248KB - Virtual size: 247KB

.rdata
Size: 56KB - Virtual size: 55KB

.data
Size: 20KB - Virtual size: 36KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 28KB - Virtual size: 24KB